On 02/07/2013 02:31 PM, Peter Lebbing wrote:
> You seem to be implying that unless something is perfect, something is bogus,
> and people should not bother.

No. I am arguing that if you do not/cannot trust the machine you're running GnuPG on, *there is no dongle you can add to your system to restore your trust in that machine*.

You want a system in which, even if GnuPG is compromised, you can't be tricked into signing something other than what you intend to sign -- where, even if GnuPG is compromised, you can trust the signatures you make.

Good luck. It can't be done. You need to be able to trust your hardware. If you don't, then no matter what dongle you use, the door is open for an enterprising malcontent to exploit you in any of hundreds of ways.

> Why do you even have GnuPG if you feel that an attacker worth your
> time would have you in his pocket?

Because I trust my hardware. If you can trust your hardware, then there's a lot of stuff you can do. If you can't trust your hardware, then the only thing you should be doing is figuring out a way to restore that trust.

> Actually, you might want to rethink that whole Fedora thing, because I think
> someone has gone through quite some effort for your private key. He even
> pretended to be Werner Koch, and laughed himself silly when you gave him a
> bloody account to the machine he already owned more than you did.

Sure. That's theoretically possible. I don't believe it to be true, though. My machine is trusted not because I'm certain that it's immune to being pwn3d, but because I acknowledge that it can break my local security policy and I'm willing to accept what I perceive as the risks.

If you don't trust your hardware, then that means you're not willing to accept the risks you perceive. And that's a really big problem. If you're not willing to accept the risks you perceive as associated with your hardware, then why are you using your hardware?

> I'm slightly confused. Because everything you object to the device I have in
> mind is equally well deployed against the smartcard, yet the smartcard
> apparently is not bogus.

The smartcard solves a completely different problem than what you're talking about. This is why there's a differential answer.